A year that changed everything – Echo’s 2025 recap and what’s next

2025 was the year Echo went from a bold idea to an undeniable force in cloud security. Within just twelve months, we scaled our technology, our team, and our customer base at a pace that surpassed all expectations – while staying relentlessly focused on one mission: fixing the broken system of vulnerability management and making secure-by-design infrastructure real for global enterprises.

We started the year with momentum and ended it with proof. In under ten months, Echo closed its Series A and brought total funding to $50M. That vote of confidence wasn’t just about growth – it was about belief in a fundamentally different approach that replaces endless vulnerability triage with infrastructure that was never vulnerable to begin with.

At the heart of that approach is the platform we built this year: the first AI-native operating system for the cloud. Instead of bolting AI onto existing security workflows, AI was embedded in our DNA. We began by developing purpose-built AI agents that work autonomously to create container images from scratch and maintain them as new vulnerabilities emerge. So when a new CVE is discovered anywhere in the world, our agents automatically research it, identify affected images, and find or develop fixes from unstructured sources like GitHub comments, forums, and technical blogs. The agents then apply patches, run comprehensive compatibility and regression testing, and generate a pull request for human review.

This AI-driven model fundamentally changes what’s possible at scale. It allows our team of just 35 people to maintain more than 600 secure images continuously, which, using traditional approaches, would require hundreds of dedicated security researchers and engineers. So instead of scaling headcount, we’ve been scaling intelligence – and that’s what makes zero-CVE infrastructure viable for real-world enterprises.

In 2025, our vision quickly became tangible. We built more than 800 clean, production-ready images that customers can deploy immediately with zero known CVEs. For organizations with strict compliance requirements, we went further, delivering over 250 FIPS- and STIG-compliant images that meet some of the most demanding security standards in the world. These weren’t proof-of-concepts or lab experiments – they are enterprise-grade foundations running real workloads.

And in order to ensure Echo images were really drop-in replacements for open source images, we made sure to integrate with all of the security tools our customers were already using.  Every major container security scanner recognizes Echo images as clean, including Wiz, Orca, Trivy, Upwind, Aikido, JFrog Xray, and many others. Additionally, Echo images are fully supported across all major registries, from AWS ECR and Azure Container Registry to Google Artifact Registry, Docker Container Registry, GitHub Packages, Nexus, Harbor, and Red Hat Quay. Wherever teams build and deploy, Echo fits naturally into their existing workflows.

That enterprise readiness extended to procurement as well. In 2025, Echo became available on both the AWS and Azure marketplaces, making it easier for large organizations to adopt secure base images without friction or lengthy vendor onboarding processes.

And behind the product, the company itself scaled just as quickly. The Echo team grew across Tel Aviv, Boston, and New York, bringing together deep expertise in security research, container infrastructure, and enterprise software. What held us together was our shared belief that vulnerability management is broken – and that we can fix it.

That belief reached beyond our own platform. This past year, Echo became a CNA partner and actively contributed fixes back to the open source ecosystem, helping remediate CVEs at their origin. We were also proud to see Echo featured on the Nasdaq tower – a visible milestone that reflected how far the company has come in such a short time.

Most importantly, incredible enterprises trusted Echo to secure their foundations. In 2025, we closed several dozens of customers across industries and sectors, including teams at Varonis, EDB, UiPath, Vectra AI, and many others. These organizations didn’t come to Echo looking for another scanner or backlog of findings – they came because they wanted vulnerabilities gone altogether.

2025 was a pivotal year, but it’s only the beginning. In 2026, Echo will expand zero-CVE protection beyond containers, bringing the same upstream, automated approach to more parts of the cloud stack. We’re introducing language-level packages, providing end-of-life support where the ecosystem has left gaps, and continuing to push secure-by-design infrastructure further than it’s gone before.

The pace won’t slow down – and neither will the ambition. If 2025 proved what echo can build, 2026 will show just how far this model can scale. Secure infrastructure shouldn’t be aspirational. It should be the default – and Echo is making that a reality.